Homework 3

Due: Thursday, February 27, 1997 at 10:00AM (note new time!)

Analytical

These are worth 25 points each.

  1. Write a set of rules combining the secrecy controls of the Bell-LaPadula model with the integrity controls of the Biba model.
  2. In the UNIX file system, could a mandatory access policy be defined so that a user has access to a file. only if the user has access to all subdirectories higher (closer to the root) in the file structure? What would be the effect of this policy?
  3. One version of the UNIX find(1) command works by scanning a database of fiole information that is constructed nightly. It then checks each directory in the file system; if the date of last modification is later than that stored in the database, or the directory is not in the database, it checks the files actually in the directory. Discuss the security implications of this version of find. Specifically, if you used find to locate all files modified after a certain date, or all files of a certain type (such as setUID to root), could this version of find miss files that the standard version of find would report?
  4. Assume the Clark-Wilson model is implemented on a computer system. Could a computer virus that scrambled constrained data items be introduced into the system? Why or why not? Specifically, if not, identify the precise control that would prevent it from being intorduced, and say why it would prevent the virus from being introduced; if yes, identify the specific control or controls that allow it to be introduced and say why they fail to keep it out.

Programming

This is worth 100 points.

    Write a program that takes as an argument a command name. On output, it prints the full path names of all programs with the command name in the user's path. Output should look like:
    dec24 % where mail
    mail: /usr/bin/mail* /usr/ucb/mail*
    If the user could execute a listed program, put a "*" after it (as above). If any of the files are symbolic links, put "@" followed by what it refers to. You must use C or C++ for this program.
    Hint: You do not need to worry about aliases.

Extra Credit

  1. Modify the program to handle C-shell aliases.


You can also see this document as a Binhex Framemaker version 5 document, Postscript document, or a plain ASCII text document.
Send email to [email protected].

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562



Page last modified on 2/20/97